<?php
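    // Change-password handler: checks the captcha and the current password,
    // then stores the new password for the logged-in user.
    //
    // NOTE(review): passwords are stored as unsalted MD5, which is too fast to
    // resist offline guessing. Moving to password_hash()/password_verify() has
    // to be done together with the login/registration code that reads the same
    // column, so the stored format is left unchanged here.
    // NOTE(review): the mysql_* extension was removed in PHP 7; port to mysqli
    // or PDO with prepared statements before upgrading the runtime.
    session_start();
    header('Content-type:text/html;charset=utf-8');

    // Refuse to run without a logged-in user; otherwise the queries below
    // would be built from an empty id.
    if (!isset($_SESSION['user']['id'])) {
        echo '<script>alert("请先登录！");window.location.href="./passwd.php"</script>';
        exit;
    }
    // The update statement uses the id unquoted, so it is treated as numeric;
    // the cast guarantees nothing but digits reaches the SQL text.
    $id = (int) $_SESSION['user']['id'];

    // Normalise the form fields: a missing or non-string value (e.g. old[]=x)
    // becomes '' instead of raising notices or hashing to NULL.
    $input = array();
    foreach (array('old', 'new', 'renew', 'code') as $field) {
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // Check the captcha. An unset session code must fail: the original strict
    // comparison treated "no code in session" and "no code posted" as equal.
    // The code is consumed on every attempt so it cannot be replayed.
    // NOTE(review): assumes the captcha generator sets a fresh vcode when
    // passwd.php is shown again - confirm.
    $expectedCode = isset($_SESSION['vcode']) ? $_SESSION['vcode'] : '';
    unset($_SESSION['vcode']);
    if ($expectedCode === '' || $input['code'] !== $expectedCode) {
        echo '<script>alert("验证码不正确！");window.location.href="./passwd.php"</script>';
        exit;
    }

    // Fetch the stored password hash for this user.
    include('../../install/dbconfig.php');
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWD);
    if (!$link || !mysql_select_db(DB_NAME)) {
        echo '<script>alert("修改失败！");window.location.href="./passwd.php"</script>';
        exit;
    }
    mysql_set_charset(DB_CHARSET);
    $res = mysql_query("select passwd from user where id='{$id}'");
    $row = $res ? mysql_fetch_assoc($res) : false;
    $oldpasswd = $row ? $row['passwd'] : null;

    // The current password must match; a missing row counts as a mismatch.
    if ($oldpasswd === null || md5($input['old']) !== $oldpasswd) {
        echo '<script>alert("原密码不正确！");window.location.href="./passwd.php"</script>';
        exit;
    }

    // The new password must be entered identically twice.
    if ($input['new'] !== $input['renew']) {
        echo '<script>alert("两次新密码不相同！");window.location.href="./passwd.php"</script>';
        exit;
    }
    // An empty new password would otherwise be stored as md5('').
    if ($input['new'] === '') {
        echo '<script>alert("新密码不能为空！");window.location.href="./passwd.php"</script>';
        exit;
    }

    // Store the new password. $newHash is hex output of md5() and $id is an
    // int, so neither can alter the statement.
    $newHash = md5($input['new']);
    $nres = mysql_query("update user set passwd='{$newHash}' where id={$id}");
    // Read the affected-row count BEFORE closing: after mysql_close() there is
    // no link left to query, so the original success branch could not run.
    $changed = $nres && mysql_affected_rows() > 0;
    mysql_close();

    if ($changed) {
        echo '<script>alert("修改成功！");window.location.href="./passwd.php"</script>';
    } else {
        // Query failed or no row changed (e.g. new password equals the old one).
        echo '<script>alert("修改失败！");window.location.href="./passwd.php"</script>';
    }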


?>
